
Chrome starts automatically and opens websites.


  • Chrome starts automatically and opens websites.

    Hello,

    After 5 years I'm unfortunately back with malware/a virus. After downloading a wrong file, Chrome now starts up at random with several tabs open to websites. This also happens when I start it manually.

    I read the opening post about which scans I need to run; not all of the programs listed in it are still available.

    I had Windows 7, upgraded to Windows 10.

    Malwarebytes 3.0.6
    Malwarebytes
    www.malwarebytes.com

    -Logboekdetails-
    Scandatum: 27-02-17
    Scantijd: 14:10
    Logboekbestand: mb.txt
    Beheerder: Ja

    -Software-informatie-
    Versie: 3.0.6.1469
    Versie componenten: 1.0.50
    Update pakketversie: 1.0.1371
    Licentie: Proef

    -Systeeminformatie-
    Besturingssysteem: Windows 10
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Dennis-PC\Dennis

    -Scansamenvatting-
    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten gescand: 507509
    Verstreken tijd: 5 min, 31 sec

    -Scanopties-
    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    -Scandetails-
    Proces: 4
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\DISKPOWER-INSTALLER.EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER.EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER (1).EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\NSH8EC4.TMP\GLOBAL_INSTALLER.EXE, In quarantaine, [2331], [350730],1.0.1371

    Module: 7
    Adware.Elex.SHHKRST, C:\PROGRAM FILES (X86)\PRERQIWARDDACERTAIN\ATCETY.DLL, In quarantaine, [357], [370022],1.0.1371
    Adware.Elex.SHHKRST, C:\PROGRAM FILES (X86)\PRERQIWARDDACERTAIN\ATCETY.DLL, In quarantaine, [357], [370022],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\DISKPOWER-INSTALLER.EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER.EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER (1).EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\NSH8EC4.TMP\GLOBAL_INSTALLER.EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Elex, C:\PROGRAM FILES (X86)\KHAGETHEPUTAIN RENEW\LOCAL64SPL.DLL, In quarantaine, [305], [370429],1.0.1371

    Registersleutel: 19
    Adware.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{D7743BB4-F774-11E6-8881-64006A5CFC23}, In quarantaine, [357], [370022],1.0.1371
    Adware.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{D7743BB4-F774-11E6-8881-64006A5CFC23}\InprocServer32, In quarantaine, [357], [370022],1.0.1371
    Adware.Elex.SHHKRST, HKU\S-1-5-21-3100785392-825444994-737681217-1000_Classes\CHROMEHTML, In quarantaine, [357], [-1],0.0.0
    PUP.Optional.SearchProtect.AppFlsh, HKU\S-1-5-21-3100785392-825444994-737681217-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In quarantaine, [2587], [169670],1.0.1371
    PUP.Optional.TweakBit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{315BB544-FC83-4AF5-8C17-0A3D6EE1E5C3}, In quarantaine, [1422], [261572],1.0.1371
    PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F60582CC-4927-46B6-973D-C600FFF0725A}, In quarantaine, [15], [314664],1.0.1371
    Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\jhdbca, In quarantaine, [305], [358186],1.0.1371
    PUP.Optional.Trotux, HKLM\SOFTWARE\WOW6432NODE\trotuxSoftware, In quarantaine, [420], [182848],1.0.1371
    PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TweakBit, In quarantaine, [1422], [349178],1.0.1371
    Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\l9olaieg, In quarantaine, [2094], [339986],1.0.1371
    PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, In quarantaine, [1422], [183459],1.0.1371
    PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, In quarantaine, [1422], [244298],1.0.1371
    PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, In quarantaine, [1422], [244300],1.0.1371
    Adware.Elex, HKU\S-1-5-18\SOFTWARE\jhdbca, In quarantaine, [305], [358190],1.0.1371
    PUP.Optional.SpyHunter, HKLM\SOFTWARE\ENIGMASOFTWAREGROUP\SpyHunter, In quarantaine, [1676], [331803],1.0.1371
    PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Khagetheputain Renew, In quarantaine, [15], [314665],1.0.1371
    PUP.Optional.TweakBit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\TweakBit, In quarantaine, [1422], [340081],1.0.1371
    PUP.Optional.TweakBit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\TWEAKBIT\FIXMYPC\Start FixMyPC automatic scanning, In quarantaine, [1422], [261573],1.0.1371
    Adware.Elex, HKLM\SOFTWARE\jhdbca, In quarantaine, [305], [358186],1.0.1371

    Registerwaarde: 6
    Adware.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{D7743BB4-F774-11E6-8881-64006A5CFC23}, In quarantaine, [357], [370022],1.0.1371
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In quarantaine, [2587], [-1],0.0.0
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In quarantaine, [2587], [-1],0.0.0
    PUP.Optional.TweakBit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{315BB544-FC83-4AF5-8C17-0A3D6EE1E5C3}|PATH, In quarantaine, [1422], [261572],1.0.1371
    PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F60582CC-4927-46B6-973D-C600FFF0725A}|PATH, In quarantaine, [15], [314664],1.0.1371
    Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\l9olaieg|NAME, In quarantaine, [2094], [339986],1.0.1371

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Gegevensstroom: 0
    (Geen kwaadaardige items gedetecteerd)

    Map: 19
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp\1.x\Data, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp\1.x\Logs, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Data, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp\1.x, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\PROGRAMDATA\TweakBit, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.FakeFFProfile, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mehjdaol.default, In quarantaine, [2790], [363173],1.0.1371
    PUP.Optional.FakeFFProfile, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles, In quarantaine, [2790], [363173],1.0.1371
    PUP.Optional.FakeFFProfile, C:\USERS\DENNIS\APPDATA\ROAMING\Mozilla\Firefox\naweriweentcofise, In quarantaine, [2790], [363173],1.0.1371
    PUP.Optional.TweakBit, C:\PROGRAM FILES (X86)\TweakBit, In quarantaine, [1422], [349169],1.0.1371
    PUP.Optional.SearchProtect.AppFlsh, C:\Windows\SysWOW64\SearchProtect\Logs, In quarantaine, [2587], [181462],1.0.1371
    PUP.Optional.SearchProtect.AppFlsh, C:\WINDOWS\SYSWOW64\SEARCHPROTECT, In quarantaine, [2587], [181462],1.0.1371
    PUP.Optional.TweakBit, C:\WINDOWS\SYSTEM32\TASKS\TWEAKBIT\FIXMYPC, In quarantaine, [1422], [331799],1.0.1371
    PUP.Optional.TweakBit, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TWEAKBIT, In quarantaine, [1422], [349172],1.0.1371
    PUP.Optional.TweakBit, C:\WINDOWS\SYSTEM32\TASKS\TWEAKBIT, In quarantaine, [1422], [349176],1.0.1371
    Adware.Elex.Generic, C:\PROGRAM FILES (X86)\KHAGETHEPUTAIN RENEW, In quarantaine, [2155], [358280],1.0.1371

    Bestand: 50
    Adware.Elex.SHHKRST, C:\PROGRAM FILES (X86)\PRERQIWARDDACERTAIN\ATCETY.DLL, In quarantaine, [357], [370022],1.0.1371
    Adware.Elex.SHHKRST, C:\WINDOWS\SYSTEM32\TASKS\Doquther, In quarantaine, [357], [-1],0.0.0
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\DISKPOWER-INSTALLER.EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER.EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER (1).EXE, In quarantaine, [2331], [350730],1.0.1371
    Adware.Tuto4PC, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\NSH8EC4.TMP\GLOBAL_INSTALLER.EXE, In quarantaine, [2331], [350730],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Data\dlc.dat, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Data\statistics.dat, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Data\unfixed.dat, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPC.log, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPCLogic.log, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp\1.x\Data\dlc.dat, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp\1.x\Data\statistics.dat, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp\1.x\Logs\PCSpeedUp.log, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp\1.x\Logs\PCSpeedUpLogic.log, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp\1.x\Logs\TweakManagerStatistics.log, In quarantaine, [1422], [349170],1.0.1371
    PUP.Optional.TweakBit, C:\ProgramData\TweakBit\PCSpeedUp\1.x\JunkCleanup_statDB.json, In quarantaine, [1422], [349170],1.0.1371
    Adware.Elex, C:\PROGRAM FILES (X86)\KHAGETHEPUTAIN RENEW\LOCAL64SPL.DLL, In quarantaine, [305], [370429],1.0.1371
    PUP.Optional.FakeFFProfile, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mehjdaol.default\prefs.js, In quarantaine, [2790], [363173],1.0.1371
    PUP.Optional.FakeFFProfile, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mehjdaol.default\profiles.ini, In quarantaine, [2790], [363173],1.0.1371
    PUP.Optional.FakeFFProfile, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mehjdaol.default\search-metadata.json, In quarantaine, [2790], [363173],1.0.1371
    PUP.Optional.FakeFFProfile, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mehjdaol.default\search.json, In quarantaine, [2790], [363173],1.0.1371
    PUP.Optional.TweakBit, C:\Windows\System32\Tasks\TweakBit\FixMyPC\Start FixMyPC automatic scanning, In quarantaine, [1422], [331799],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEHJDAOL.DEFAULT\PREFS.JS, Vervangen, [420], [302758],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEHJDAOL.DEFAULT\PREFS.JS, Vervangen, [420], [302758],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEHJDAOL.DEFAULT\PREFS.JS, Vervangen, [420], [302758],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEHJDAOL.DEFAULT\PREFS.JS, Vervangen, [420], [302758],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEHJDAOL.DEFAULT\PREFS.JS, Vervangen, [420], [302758],1.0.1371
    Adware.Elex.Generic, C:\PROGRAM FILES (X86)\KHAGETHEPUTAIN RENEW\LOCAL64SPL.DLL.INI, In quarantaine, [2155], [358280],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\PROFILES\BAFESH.DEFAULT\PREFS.JS, Vervangen, [420], [324486],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\PROFILES\BAFESH.DEFAULT\PREFS.JS, Vervangen, [420], [324486],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\PROFILES\BAFESH.DEFAULT\PREFS.JS, Vervangen, [420], [324486],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\PROFILES\BAFESH.DEFAULT\PREFS.JS, Vervangen, [420], [324486],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\PROFILES\BAFESH.DEFAULT\PREFS.JS, Vervangen, [420], [324486],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\PROFILES\BAFESH.DEFAULT\PREFS.JS, Vervangen, [420], [324486],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\PROFILES\BAFESH.DEFAULT\PREFS.JS, Vervangen, [420], [324486],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\PROFILES\BAFESH.DEFAULT\SEARCHPLUGINS\L9OLAIEG.XML, In quarantaine, [420], [324483],1.0.1371
    PUP.Optional.TweakBit, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\PC-SPEED-UP-SETUP.EXE, In quarantaine, [1422], [340091],1.0.1371
    Adware.Elex, C:\PROGRAM FILES (X86)\PRERQIWARDDACERTAIN\MGLOBAL.DLL, In quarantaine, [305], [372847],1.0.1371
    PUP.Optional.TweakBit.Generic, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\_DEL_PC-SPEED-UP-SETUP\GASENDER.EXE, In quarantaine, [2536], [349180],1.0.1371
    PUP.Optional.TweakBit.Generic, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\_DEL__IU14D2N\GOOGLEANALYTICSHELPER.DLL, In quarantaine, [2536], [349180],1.0.1371
    PUP.Optional.TweakBit.Generic, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\_DEL_PC-SPEED-UP-SETUP\AXCOMPONENTSRTL.BPL, In quarantaine, [2536], [349180],1.0.1371
    PUP.Optional.TweakBit.Generic, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\_DEL__IU14D2N\AXCOMPONENTSRTL.BPL, In quarantaine, [2536], [349180],1.0.1371
    PUP.Optional.TweakBit.Generic, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\_DEL_2AC02BED-480E-4564-9122-78206DF1326C_FIXMYPC_SETUP\AXCOMPONENTSRTL.BPL, In quarantaine, [2536], [349180],1.0.1371
    PUP.Optional.TweakBit.Generic, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\_DEL__IU14D2N\GASENDER.EXE, In quarantaine, [2536], [349180],1.0.1371
    PUP.Optional.TweakBit.Generic, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\_DEL_2AC02BED-480E-4564-9122-78206DF1326C_FIXMYPC_SETUP\GOOGLEANALYTICSHELPER.DLL, In quarantaine, [2536], [349180],1.0.1371
    PUP.Optional.TweakBit.Generic, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\_DEL_2AC02BED-480E-4564-9122-78206DF1326C_FIXMYPC_SETUP\GASENDER.EXE, In quarantaine, [2536], [349180],1.0.1371
    PUP.Optional.TweakBit.Generic, C:\USERS\DENNIS\APPDATA\LOCAL\TEMP\_DEL_PC-SPEED-UP-SETUP\GOOGLEANALYTICSHELPER.DLL, In quarantaine, [2536], [349180],1.0.1371
    PUP.Optional.Elex, C:\WINDOWS\SYSTEM32\TASKS\Khagetheputain Renew, In quarantaine, [15], [314663],1.0.1371
    PUP.Optional.Trotux, C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEHJDAOL.DEFAULT\SEARCHPLUGINS\L9OLAIEG.XML, In quarantaine, [420], [302745],1.0.1371

    Fysieke sector: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)

    AdwCleaner
    empty

  • #2
    E-Peek
    E-Peek v 1.9.9.0 ENHANCED 4 © Emphyrio/Onsia Patrick 2013-2017
    E Dev
    Run at ma 27 feb 2017 14:39
    .
    Windows 8.1 (64 bits)
    C:\WINDOWS [NTFS - Fixed]
    Default Browser: Google Chrome
    Boot mode: Normal boot
    User logged in: Dennis
    .
    Java x86: 1.8
    Java x64: n/a
    .
    AV : Windows Defender [Updated - Not Running]
    AV : Malwarebytes [Updated - Running]
    AV : AVG AntiVirus Free Edition [Updated - Not Running]
    AS : Malwarebytes [Updated - Running]
    AS : Windows Defender [Updated - Not Running]
    AS : AVG AntiVirus Free Edition [Updated - Not Running]
    FW : Windows firewall
    .
    ==================== Files and Folders history =================================

    Folders Created Last 7 days :

    27-02-2017 ##### r-h-s-d+a- C:\Users\Dennis\AppData\Roaming\Profiles
    27-02-2017 ##### r-h-s-d+a- C:\Users\Dennis\AppData\Roaming\E Dev
    27-02-2017 ##### r-h-s-d+a- C:\Users\Dennis\AppData\Roaming\Ckevuly
    27-02-2017 ##### r-h-s-d+a- C:\Users\Dennis\AppData\Local\Vaseentatesa
    27-02-2017 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes
    27-02-2017 ##### r-h-s-d+a- C:\Program Files (x86)\Prerqiwarddacertain
    27-02-2017 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
    27-02-2017 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
    27-02-2017 ##### r-h-s-d+a- C:\AdwCleaner
    27-02-2017 ##### r-h+s-d+a- C:\ProgramData\54c4191F5022U901
    27-02-2017 ##### r-h+s-d+a- C:\OneDriveTemp
    23-02-2017 ##### r-h-s-d+a- C:\Users\Dennis\AppData\Local\TeamSpeak 3
    23-02-2017 ##### r-h-s-d+a- C:\Users\Dennis\.TeamSpeak 3
    21-02-2017 ##### r-h+s-d+a- C:\Program Files\Common FilesEAInstaller

    Files Modified Last 7 days :

    27-02-2017 05039288 r-h-s-d-a+ C:\WINDOWS\system32\FNTCACHE.DAT
    27-02-2017 02299582 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
    27-02-2017 00917464 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
    27-02-2017 00898016 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
    27-02-2017 00255794 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat
    27-02-2017 00215654 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
    25-02-2017 138020592 r-h-s-d-a+ C:\WINDOWS\system32\MRT.exe

    Files Created Last 7 days :

    27-02-2017 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    23-02-2017 01081616 r-h-s-d-a+ C:\WINDOWS\SysWoW64\MSCOMCTL.OCX

    ==================== RUNNING PROCESSES =========================================

    [AdobeGCClient] -Dennis- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe - (Adobe Systems, Incorporated)
    [AGSService] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe - (Adobe Systems, Incorporated)
    [AppleMobileDeviceService] -SYSTEM- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
    [ApplePhotoStreams] -Dennis- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe - (Apple Inc.)
    [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
    [audiodg] -LOCAL SERVICE- C:\WINDOWS\system32\AUDIODG.EXE - (Microsoft Corporation)
    [avgsvca] -SYSTEM- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe - (AVG Technologies CZ, s.r.o.)
    [backgroundTaskHost] -Dennis- C:\WINDOWS\system32\backgroundTaskHost.exe - (Microsoft Corporation)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
    [dllhost] -SYSTEM- C:\WINDOWS\system32\DllHost.exe - (Microsoft Corporation)
    [dwm] -DWM-1- C:\WINDOWS\system32\dwm.exe - (Microsoft Corporation)
    [E-Peek 1.9.9.0] -Dennis- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
    [explorer] -Dennis- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation)
    [iCloudServices] -Dennis- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe - (Apple Inc.)
    [iTunesHelper] -Dennis- H:\Programmas\iTunesHelper.exe - (Apple Inc.)
    [lsass] -SYSTEM- C:\WINDOWS\system32\lsass.exe - (Microsoft Corporation)
    [MBAMService] -SYSTEM- H:\Programmas\Anti-Malware\mbamservice.exe - (Malwarebytes)
    [mbamtray] -Dennis- H:\Programmas\Anti-Malware\mbamtray.exe - (Malwarebytes)
    [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
    [Memory Compression] -SYSTEM- - (Memory Compression)
    [mqsvc] -NETWORK SERVICE- C:\WINDOWS\system32\mqsvc.exe - (Microsoft Corporation)
    [MSASCuiL] -Dennis- C:\Program Files\Windows Defender\MSASCuiL.exe - (Microsoft Corporation)
    [NvBackend] -Dennis- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
    [NVDisplay.Container] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe - ()
    [nvtray] -Dennis- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
    [nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
    [OneDrive] -Dennis- C:\Users\Dennis\AppData\Local\Microsoft\OneDrive\OneDrive.exe - (Microsoft Corporation)
    [OriginWebHelperService] -LOCAL SERVICE- C:\Program Files (x86)\Origin\OriginWebHelperService.exe - (Electronic Arts)
    [PnkBstrA] -SYSTEM- C:\WINDOWS\SysWoW64\PnkBstrA.exe - ()
    [RAVCpl64] -Dennis- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - (Realtek Semiconductor)
    [rundll32] -SYSTEM- C:\Windows\system32\rundll32.exe - (Microsoft Corporation)
    [rundll32] -SYSTEM- C:\WINDOWS\system32\rundll32.exe - (Microsoft Corporation)
    [RuntimeBroker] -Dennis- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
    [SearchFilterHost] -SYSTEM- C:\WINDOWS\system32\SearchFilterHost.exe - (Microsoft Corporation)
    [SearchIndexer] -SYSTEM- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation)
    [SearchProtocolHost] -SYSTEM- C:\WINDOWS\system32\SearchProtocolHost.exe - (Microsoft Corporation)
    [SearchUI] -Dennis- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe - (Microsoft Corporation)
    [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
    [ShellExperienceHost] -Dennis- C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe - (Microsoft Corporation)
    [sihost] -Dennis- C:\WINDOWS\system32\sihost.exe - (Microsoft Corporation)
    [smartscreen] -Dennis- C:\Windows\System32\smartscreen.exe - (Microsoft Corporation)
    [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
    [SMSvcHost] -LOCAL SERVICE- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe - (Microsoft Corporation)
    [SMSvcHost] -NETWORK SERVICE- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe - (Microsoft Corporation)
    [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
    [SppExtComObj] -NETWORK SERVICE- C:\WINDOWS\system32\SppExtComObj.exe - (Microsoft Corporation)
    [sppsvc] -NETWORK SERVICE- C:\Windows\System32\sppsvc.exe - (sppsvc.exe)
    [System] -N/A- - (System)
    [taskhostw] -Dennis- C:\WINDOWS\system32\taskhostw.exe - (Microsoft Corporation)
    [taskhostw] -SYSTEM- C:\WINDOWS\system32\taskhostw.exe - (Microsoft Corporation)
    [Updater] -SYSTEM- C:\Program Files (x86)\Skype\Updater\Updater.exe - (Skype Technologies)
    [userinit] -N/A- - ()
    [wininit] -SYSTEM- C:\Windows\System32\wininit.exe - (wininit.exe)
    [winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation)
    [WmiPrvSE] -NETWORK SERVICE- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
    [WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation)

    ==================== IE PAGES ==================================================

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
    Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Local Page = C:\Windows\SysWOW64\blank.htm
    Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    DisplayName = @ieframe.dll,-12512
    URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    ==================== IE PAGES x64 ==============================================

    HKLM\Software\Microsoft\Internet Explorer\Main
    Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Local Page = C:\Windows\System32\blank.htm
    Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    DisplayName = @ieframe.dll,-12512
    URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    ==================== Auto Load =================================================

    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = C:\WINDOWS\system32\userinit.exe,
    Shell = explorer.exe

    ==================== Auto Load x64 =============================================

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = C:\Windows\system32\userinit.exe,
    Shell = Explorer.exe

    ==================== Browsers present ==========================================

    FIREFOX.EXE
    Google Chrome
    IEXPLORE.EXE

    ==================== Firefox ===================================================

    FF - ProfilePath - C:\Users\Dennis\AppData\Roaming\Mozilla\firefox\Profiles\mehjdaol.default

    FF - Ext: [Default 39.0 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} [ visible: True # active: True]
    FF - Ext: [AVG SafeGuard toolbar 18.5.0.909 ] - extension - [email protected] [ visible: True # active: False]
    FF - Ext: [Greasemonkey 3.4.1 ] - extension - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} [ visible: True # active: True]

    FF - PlugIn: [Adobe® Flash® Player 18.0.0.209 Plugin] - C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll
    FF - PlugIn: [Battlelog Game Launcher 2.5.1] - C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll
    FF - PlugIn: [Ag Player] - C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll
    FF - PlugIn: [Microsoft SharePoint Plug-in for Firefox] - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


    ==================== Google Chrome =============================================

    ==================== Windows Host File =========================================

    127.0.0.1 localhost
    127.0.0.1 localhost

    ==================== BHO =======================================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
    HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
    => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper
    => HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll

    {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
    HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
    => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL

    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper
    => HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll

    ==================== BHO x64 ===================================================

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
    HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
    => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

    ==================== Auto Start Programs =======================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    Adobe Creative Cloud = "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    AVG_UI = "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
    AvgUi = "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
    QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    43fdbb5a-5125-4638-a542-9f10ce17fb86 = "C:\Users\Dennis\AppData\Local\Temp\is-RJ6D5.tmp\installer.exe"
    474e3a79-9efd-4801-a216-e4962efb9c18 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    5f374377-0f53-472b-bb84-a5478da59c44 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    6712e146-36fb-4578-be49-a2d76cfe5cb5 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    69465803-0739-4a9d-bf49-b2175f726d30 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    8ad4c97a-e5f0-4c12-b36f-a63e8e5518a8 = "C:\Users\Dennis\AppData\Local\Temp\is-K0G2U.tmp\installer.exe"
    ApplePhotoStreams = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    cc79f796-3bee-4e69-9046-561da48cdd01 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    d9863ea4-5be6-49d5-96ac-8cdfc791d766 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    e595d878-0679-4809-a3c8-449a4f14a8aa = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    fee51542-88d0-46b9-a4e4-99444276e610 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    Google Update = C:\Users\Dennis\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
    iCloudServices = "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
    OneDrive = "C:\Users\Dennis\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

    HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
    Report = C:\AdwCleaner\AdwCleaner[C0].txt

    ==================== Auto Start Programs x64 ===================================

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    iTunesHelper = "H:\Programmas\iTunesHelper.exe"
    Malwarebytes TrayApp = H:\PROGRAMMAS\ANTI-MALWARE\mbamtray.exe
    NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    WindowsDefender = "C:\Program Files\Windows Defender\MSASCuiL.exe"

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
    RTHDVCPL = 4

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    43fdbb5a-5125-4638-a542-9f10ce17fb86 = "C:\Users\Dennis\AppData\Local\Temp\is-RJ6D5.tmp\installer.exe"
    474e3a79-9efd-4801-a216-e4962efb9c18 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    5f374377-0f53-472b-bb84-a5478da59c44 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    6712e146-36fb-4578-be49-a2d76cfe5cb5 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    69465803-0739-4a9d-bf49-b2175f726d30 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    8ad4c97a-e5f0-4c12-b36f-a63e8e5518a8 = "C:\Users\Dennis\AppData\Local\Temp\is-K0G2U.tmp\installer.exe"
    ApplePhotoStreams = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    cc79f796-3bee-4e69-9046-561da48cdd01 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    d9863ea4-5be6-49d5-96ac-8cdfc791d766 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    e595d878-0679-4809-a3c8-449a4f14a8aa = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    fee51542-88d0-46b9-a4e4-99444276e610 = "C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe"
    Google Update = C:\Users\Dennis\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
    iCloudServices = "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
    OneDrive = "C:\Users\Dennis\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Report = C:\AdwCleaner\AdwCleaner[C0].txt

    Startup - C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk
    ==================== Extra Items IE ============================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    HKCU\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InProcServer32
    => HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InProcServer32 {18DF081C-E8AD-4283-A596-FA578C2EBDC3} = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    => HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
    => HKCR\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InProcServer32 {DBC80044-A445-435B-BC74-9C25C1C588A9} = C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
    ==================== Extra Items IE x64 ========================================

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    ==================== Internet Default Prefix ===================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Internet Default Prefix x64 ===============================

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Protocol Hijackers ========================================

    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf
    CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
    => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [099d78b073783e1b81e0d3a7c68f7e95]

    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\tbauth
    CLSID = {14654CA6-5711-491D-B89A-58E571679951}
    => SOFTWARE\Classes\\CLSID\{14654CA6-5711-491D-B89A-58E571679951}\InProcServer32 @ Default = Unknown # C:\Windows\SysWOW64\tbauth.dll # MD5 [e3444faa390373cca8f9464db232da28]

    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\windows.tbauth
    CLSID = {14654CA6-5711-491D-B89A-58E571679951}
    => SOFTWARE\Classes\\CLSID\{14654CA6-5711-491D-B89A-58E571679951}\InProcServer32 @ Default = Unknown # C:\Windows\SysWOW64\tbauth.dll # MD5 [e3444faa390373cca8f9464db232da28]

    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
    CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
    => SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [4cf29c44e072c377b6866c399947e99a]


    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml
    CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
    => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


    ==================== Protocol Hijackers x64 ====================================

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\osf
    CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
    => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [5bcd1b24cf55ba523c59309329dc2321]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbauth
    CLSID = {14654CA6-5711-491D-B89A-58E571679951}
    => SOFTWARE\Classes\\CLSID\{14654CA6-5711-491D-B89A-58E571679951}\InProcServer32 @ Default = Unknown # C:\Windows\System32\tbauth.dll # MD5 [bd2012354f6adb63872ba3304d9c782e]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\windows.tbauth
    CLSID = {14654CA6-5711-491D-B89A-58E571679951}
    => SOFTWARE\Classes\\CLSID\{14654CA6-5711-491D-B89A-58E571679951}\InProcServer32 @ Default = Unknown # C:\Windows\System32\tbauth.dll # MD5 [bd2012354f6adb63872ba3304d9c782e]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml
    CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0}
    => SOFTWARE\Classes\\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\InProcServer32 @ Default = File is missing...

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg
    CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
    => SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = File is missing...


    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
    CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
    => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


    ==================== ShellServiceObjectDelayLoad ===============================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== ShellServiceObjectDelayLoad x64 =========================

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== Extra (Torpig/ConduitSearch) ==============================

    HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
    => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\WINDOWS\system32\shell32.dll

    HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
    => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\WINDOWS\system32\ntshrui.dll


    ==================== DRIVERS and SERVICES ======================================

    *** Win32OwnProcess ***

    SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
    SERV - R2 - [AGSService] - Adobe Genuine Software Integrity Service - c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
    SERV - R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
    SERV - R2 - [avgsvc] - AVG Service - c:\program files (x86)\avg\framework\common\avgsvca.exe
    SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
    SERV - R2 - [MBAMService] - Malwarebytes Service - h:\programmas\anti-malware\mbamservice.exe
    SERV - R2 - [MSMQ] - Message Queuing - c:\windows\system32\mqsvc.exe
    SERV - R2 - [NVDisplay.ContainerLocalSystem] - NVIDIA Display Container LS - c:\program files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
    SERV - R2 - [Origin Web Helper Service] - Origin Web Helper Service - c:\program files (x86)\origin\originwebhelperservice.exe
    SERV - R2 - [PnkBstrA] - PnkBstrA - c:\windows\system32\pnkbstra.exe [x]
    SERV - R2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
    SERV - R2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
    SERV - S2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\av\avgidsagenta.exe
    SERV - S2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\av\avgwdsvca.exe
    SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
    SERV - S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
    SERV - S3 - [AvgAMPS] - AvgAMPS - c:\program files (x86)\avg\av\avgamps.exe
    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    SERV - S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
    SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
    SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
    SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    SERV - S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
    SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
    SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
    SERV - S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
    SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
    SERV - S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
    SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
    SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
    SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
    SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
    SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

    *** Win32ShareProcess ***

    SERV - R2 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
    SERV - R2 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
    SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
    SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
    SERV - S2 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
    SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
    SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    *** Others ***

    SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
    SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

    *** File System Driver ***

    DRV - R0 - [AVGIDSHA] - AVGIDSHA - C:\WINDOWS\system32\Drivers\AVGIDSHA.sys
    DRV - R0 - [Avgloga] - AVG Logging Driver - C:\WINDOWS\system32\Drivers\Avgloga.sys
    DRV - R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-Virus Shield - C:\WINDOWS\system32\Drivers\Avgmfx64.sys
    DRV - R0 - [Avgrkx64] - AVG Anti-Rootkit Driver - C:\WINDOWS\system32\Drivers\Avgrkx64.sys
    DRV - R0 - [avguniva] - AVG Universal Driver - C:\WINDOWS\system32\Drivers\avguniva.sys
    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
    DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
    DRV - R0 - [MBAMSwissArmy] - MBAMSwissArmy - C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
    DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
    DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
    DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys

    *** Kernel Driver ***

    DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
    DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
    DRV - R0 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys
    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
    DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
    DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
    DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
    DRV - R0 - [EhStorTcgDrv] - Microsoft-stuurprogramma voor opslagapparaten met ondersteuning voor IEEE 1667- en TCG-protocollen - C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
    DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
    DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
    DRV - R0 - [iorate] - iorate - C:\WINDOWS\system32\Drivers\iorate.sys
    DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
    DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
    DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
    DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
    DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
    DRV - R0 - [partmgr] - Partition driver - C:\WINDOWS\system32\Drivers\partmgr.sys
    DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
    DRV - R0 - [pciide] - pciide - C:\WINDOWS\system32\Drivers\pciide.sys
    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
    DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
    DRV - R0 - [PxHlpa64] - PxHlpa64 - C:\WINDOWS\system32\Drivers\PxHlpa64.sys
    DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
    DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
    DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
    DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
    DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
    DRV - R0 - [volsnap] - Volume Shadow Copy driver - C:\WINDOWS\system32\Drivers\volsnap.sys
    DRV - R0 - [volume] - Volumestuurprogramma - C:\WINDOWS\system32\Drivers\volume.sys
    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
    DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
    DRV - R0 - [WindowsTrustedRT] - Windows Trusted Execution Environment Class Extension - C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
    DRV - R0 - [WindowsTrustedRTProxy] - Microsoft Windows Trusted Runtime Secure Service - C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys
    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
    DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
    DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
    DRV - S0 - [Avgboota] - AVG Early Launch Anti-Malware Driver - C:\WINDOWS\system32\Drivers\Avgboota.sys
    DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
    DRV - S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x]

    ==================== SvcHost - White Listed ====================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    apphostsvc = ServiceDll = C:\WINDOWS\system32\inetsrv\apphostsvc.dll [5b0f4fb165256de463a51e3a3127969e]

    w3logsvc = ServiceDll = C:\WINDOWS\system32\inetsrv\w3logsvc.dll [4053fb949f48647a327bc18dfeea4374]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    StateRepository = ServiceDll = C:\WINDOWS\system32\windows.staterepository.dll [4e330ad1eed4a5d582ee415fd55953a2]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    w3svc = ServiceDll = C:\WINDOWS\system32\inetsrv\iisw3adm.dll [85461f6ad65cce84a7bc6d9f2a5861b3]

    was = ServiceDll = C:\WINDOWS\system32\inetsrv\iisw3adm.dll [85461f6ad65cce84a7bc6d9f2a5861b3]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    DHCP = ServiceDll = C:\WINDOWS\system32\dhcpcore.dll [f0d4400ba0f08610d9a551b15bf10b76]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    NcbService = ServiceDll = C:\WINDOWS\System32\ncbservice.dll [04ce2c0f0759eacd886ba4b658b60d5d]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    UserManager = ServiceDll = C:\WINDOWS\System32\usermgr.dll [aa24c61d88e36ba1144072227922173d]

    NetSetupSvc = ServiceDll = C:\WINDOWS\System32\NetSetupSvc.dll [d65f295a049473e6a39ea9a0ea76ca32]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    lanmanserver = ServiceDll = C:\WINDOWS\system32\srvsvc.dll [8ccab08815b50ad78b823db3f96c8604]



    ==================== SvcHost x64 - White Listed ================================

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    apphostsvc = ServiceDll = C:\WINDOWS\system32\inetsrv\apphostsvc.dll [5b0f4fb165256de463a51e3a3127969e]

    w3logsvc = ServiceDll = C:\WINDOWS\system32\inetsrv\w3logsvc.dll [4053fb949f48647a327bc18dfeea4374]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    TileDataModelSvc = ServiceDll = C:\WINDOWS\system32\tileobjserver.dll [3b3c607c3c62dfbef61938da2cab94df]

    WalletService = ServiceDll = C:\WINDOWS\system32\WalletService.dll [1483be4d0135c378cb61d3cd73ab3e03]

    StateRepository = ServiceDll = C:\WINDOWS\system32\windows.staterepository.dll [4e330ad1eed4a5d582ee415fd55953a2]

    EntAppSvc = ServiceDll = C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [3ce2b6aecb9af8bc159299eec46a35ca]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    BthHFSrv = ServiceDll = C:\WINDOWS\System32\BthHFSrv.dll [b157d72bda6a6dd6e9dc6bf338cd0cf8]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    FrameServer = ServiceDll = C:\WINDOWS\system32\FrameServer.dll [8b52024d3a5c3a12f1c4d75d30a976c5]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    w3svc = ServiceDll = C:\WINDOWS\system32\inetsrv\iisw3adm.dll [85461f6ad65cce84a7bc6d9f2a5861b3]

    was = ServiceDll = C:\WINDOWS\system32\inetsrv\iisw3adm.dll [85461f6ad65cce84a7bc6d9f2a5861b3]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    PhoneSvc = ServiceDll = C:\WINDOWS\System32\PhoneService.dll [d0d57322abc7473e54472d8374169cc5]

    LicenseManager = ServiceDll = C:\WINDOWS\system32\LicenseManagerSvc.dll [5a23e4be0ccf49663c4cf7eb74c20278]

    CDPSvc = ServiceDll = C:\WINDOWS\System32\CDPSvc.dll [2e6612376d257f74781f2ef1f869d8c3]

    tzautoupdate = ServiceDll = C:\WINDOWS\system32\tzautoupdate.dll [f723552f65d44fe693db1a383825b3a8]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    TimeBrokerSvc = ServiceDll = C:\WINDOWS\System32\TimeBrokerServer.dll [c1f8cbe2d4843e0ccc3efea2ec60d4ab]

    NgcCtnrSvc = ServiceDll = C:\WINDOWS\System32\NgcCtnrSvc.dll [b996de26a2e16053c9485f5905b05320]

    AJRouter = ServiceDll = C:\WINDOWS\System32\AJRouter.dll [d0905d4a945d01d4b28db9e1bd5985f7]

    icssvc = ServiceDll = C:\WINDOWS\System32\tetheringservice.dll [937ac47f7356554da05d9722c356eb55]

    RmSvc = ServiceDll = C:\WINDOWS\System32\RMapi.dll [5daa644f17780fc4e3f4820a46d38fec]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    CoreMessagingRegistrar = ServiceDll = C:\WINDOWS\system32\coremessaging.dll [5de2049d5f57c1d142f36fa9ce443693]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    HvHost = ServiceDll = C:\WINDOWS\System32\hvhostsvc.dll [0c84c250f80eaec2c9768464cc1a9626]

    DsSvc = ServiceDll = C:\WINDOWS\System32\DsSvc.dll [5fca45c24501da7390065d3706a9fc3f]

    EmbeddedMode = ServiceDll = C:\WINDOWS\System32\embeddedmodesvc.dll [80a7999de02ce678b865832e1ce78cd6]

    DevQueryBroker = ServiceDll = C:\WINDOWS\system32\DevQueryBroker.dll [cdf1b1b5c5951111791c236b2696c7f8]

    SmsRouter = ServiceDll = C:\WINDOWS\system32\SmsRouterSvc.dll [0b217141ac1283655402cdb356577735]

    NgcSvc = ServiceDll = C:\WINDOWS\system32\ngcsvc.dll [54c31c2b815e2e26bb8158022f837c9c]

    SensorService = ServiceDll = C:\WINDOWS\system32\SensorService.dll [c09a42163878a082c3f0d0a3dfe95714]

    vmicvmsession = ServiceDll = C:\WINDOWS\System32\icsvc.dll [704609d80666fcb1dae91260cf2cbb20]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    shpamsvc = ServiceDll = C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [cf3bdf9ead8d3ef671e9339b44b185ba]

    DmEnrollmentSvc = ServiceDll = C:\WINDOWS\system32\Windows.Internal.Management.dll [09cf47a74bfb480b8262fcee222004b6]

    dmwappushservice = ServiceDll = C:\WINDOWS\system32\dmwappushsvc.dll [6e5ee6e420fecd64de463c5f01cbfe71]

    WpnService = ServiceDll = C:\WINDOWS\system32\WpnService.dll [60e2eb3e7b7f15c25e02462159f90707]

    XboxNetApiSvc = ServiceDll = C:\WINDOWS\system32\XboxNetApiSvc.dll [335e6f2be58523b295945c840c185b00]

    DcpSvc = ServiceDll = C:\WINDOWS\system32\dcpsvc.dll [ae9f09f87755c18904656cb4f59f351d]

    RetailDemo = ServiceDll = C:\WINDOWS\system32\RDXService.dll [0660f4a14f9d2a2f59b26b1d74f1a6d0]

    UserManager = ServiceDll = C:\WINDOWS\System32\usermgr.dll [aa24c61d88e36ba1144072227922173d]

    dosvc = ServiceDll = C:\WINDOWS\system32\dosvc.dll [1eb7c2f34efd0b1aae841f0272531106]

    XblAuthManager = ServiceDll = C:\WINDOWS\System32\XblAuthManager.dll [f39d6915451d9226ac9a5e7ae70e2aba]

    XblGameSave = ServiceDll = C:\WINDOWS\System32\XblGameSave.dll [765ff96467a26c4c03281eca426ec2d9]

    UsoSvc = ServiceDll = C:\WINDOWS\system32\usocore.dll [ebf9e40845362dbe2ad0db3077269488]

    wisvc = ServiceDll = C:\WINDOWS\system32\flightsettings.dll [ecd999d8412a3473c26b118f89db9908]

    NetSetupSvc = ServiceDll = C:\WINDOWS\System32\NetSetupSvc.dll [d65f295a049473e6a39ea9a0ea76ca32]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    MapsBroker = ServiceDll = C:\WINDOWS\System32\moshost.dll [caaf0cd70fee7c5110b1e62804e41b17]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    sdrsvc = ServiceDll = C:\WINDOWS\System32\SDRSVC.dll [f3714dbaa42c15f78ffcdfe4273214eb]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    lanmanserver = ServiceDll = C:\WINDOWS\system32\srvsvc.dll [8ccab08815b50ad78b823db3f96c8604]

    browser = ServiceDll = C:\WINDOWS\System32\browser.dll [b3f32c630dd3f2f6a6091b89cff13641]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    UnistoreSvc = ServiceDll = C:\WINDOWS\System32\unistore.dll [b8272bb8d4982c496fdc704809c38e02]

    UserDataSvc = ServiceDll = C:\WINDOWS\System32\userdataservice.dll [4cc81ab9d380a6264ff4c0c1512cf965]

    OneSyncSvc = ServiceDll = C:\WINDOWS\System32\APHostService.dll [17997dc2441f7e29cdfc6458e0392764]

    MessagingService = ServiceDll = C:\WINDOWS\System32\MessagingService.dll [55a417c3e41f2a98666cf929ec19108e]

    WpnUserService = ServiceDll = C:\WINDOWS\System32\WpnUserService.dll [c7c91fb86a3c6cd7619725a88ed1884c]

    PimIndexMaintenanceSvc = ServiceDll = C:\WINDOWS\System32\PimIndexMaintenance.dll [b4ab2c0177715ffaed88a1223212043a]

    CDPUserSvc = ServiceDll = C:\WINDOWS\System32\CDPUserSvc.dll [a93c9b9ebe2fde5a536000d72cc17f7f]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    DiagTrack = ServiceDll = C:\WINDOWS\system32\diagtrack.dll [cad14e0ad1f03397e9b1c8733d76bef4]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    clipsvc = ServiceDll = C:\WINDOWS\System32\ClipSVC.dll [e133cfcbfabb3cb517be9f42fea5887c]



    ==================== SigCheck x86 Fast =========================================

    Fast Scan All ok

    ==================== SigCheck x64 Fast =========================================

    Fast Scan All ok

    ==================== Job tasks at C:\WINDOWS\Tasks =============================

    C:\WINDOWS\Tasks\1114tbUpdateInfo.job 348 bytes [ 12-11-2014 20:06:41 ]

    C:\WINDOWS\Tasks\1214tbUpdateInfo.job 348 bytes [ 10-12-2014 20:16:25 ]

    C:\WINDOWS\Tasks\1215avUpdateInfo.job 340 bytes [ 8-12-2015 17:17:48 ]

    C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 940 bytes [ 27-7-2015 21:53:54 ]

    C:\WINDOWS\Tasks\AutoKMS.job 202 bytes [ 21-10-2012 22:09:51 ]

    C:\WINDOWS\Tasks\AutoKMSDaily.job 202 bytes [ 21-10-2012 22:09:51 ]

    C:\WINDOWS\Tasks\Bkbymwwp.job 304 bytes [ 5-10-2012 22:09:16 ]

    C:\WINDOWS\Tasks\SA.DAT 6 bytes [ 11-10-2016 20:41:19 ]


    ==================== Job tasks at C:\WINDOWS\system32\Tasks ====================

    C:\WINDOWS\system32\Tasks\1114tbUpdateInfo 2300 bytes [ 11-10-2016 20:41:19 ]
    => C:\ProgramData\Avg_Update_1114tb\1114tb_{C066F8F4-36D8-48E0-B414-A4345FCD28D5}.exe

    C:\WINDOWS\system32\Tasks\1214tbUpdateInfo 2300 bytes [ 11-10-2016 20:41:19 ]
    => C:\ProgramData\Avg_Update_1214tb\1214tb_{811280E3-D7E8-4012-A810-4BAFA04720E1}.exe

    C:\WINDOWS\system32\Tasks\1215avUpdateInfo 2292 bytes [ 11-10-2016 20:41:19 ]
    => C:\ProgramData\Avg_Update_1215av\1215av_AVG-Secure-Search-Update.exe

    C:\WINDOWS\system32\Tasks\54c4191F5022U901 16828 bytes [ 27-2-2017 14:06:35 ]
    => C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 4562 bytes [ 11-10-2016 20:41:19 ]
    => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 3220 bytes [ 11-10-2016 20:41:19 ]
    => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-Dennis-PC-Dennis 2762 bytes [ 11-10-2016 20:41:19 ]
    => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    C:\WINDOWS\system32\Tasks\AutoKMS 1950 bytes [ 11-10-2016 20:41:19 ]
    => C:\Windows\AutoKMS.exe

    C:\WINDOWS\system32\Tasks\AutoKMSDaily 2292 bytes [ 11-10-2016 20:41:19 ]
    => C:\Windows\AutoKMS.exe

    C:\WINDOWS\system32\Tasks\AVG EUpdate Task 3668 bytes [ 13-11-2016 21:35:04 ]
    => avgsetupx.exe

    C:\WINDOWS\system32\Tasks\Bkbymwwp 2212 bytes [ 11-10-2016 20:41:19 ]
    => C:\Windows\system32\rundll32.exe

    C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 3450 bytes [ 11-10-2016 20:41:19 ]
    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 3574 bytes [ 11-10-2016 20:41:19 ]
    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3100785392-825444994-737681217-1000Core 3564 bytes [ 11-10-2016 20:41:19 ]
    => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3100785392-825444994-737681217-1000UA 3832 bytes [ 11-10-2016 20:41:19 ]
    => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task 2822 bytes [ 11-10-2016 20:41:19 ]
    => C:\Users\Isolde\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe

    C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2 3280 bytes [ 14-12-2016 16:46:28 ]
    => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

    C:\WINDOWS\system32\Tasks\{3095F5EE-7E1F-4383-AFB6-1E554AF6DF29} 3300 bytes [ 22-2-2017 12:25:36 ]
    => C:\WINDOWS\system32\pcalua.exe

    C:\WINDOWS\system32\Tasks\{85A0B1FD-399E-4180-BBA3-88A041B65811} 2280 bytes [ 11-10-2016 20:41:19 ]
    => C:\Windows\system32\pcalua.exe

    C:\WINDOWS\system32\Tasks\{F46F6ED6-46BC-4549-9377-21219F147CA7} 2100 bytes [ 11-10-2016 20:41:19 ]
    => C:\Users\Dennis\Desktop\vleesdief\Player.exe


    ==================== Job tasks at C:\WINDOWS\SysWOW64\Tasks ====================

    There are no .job files found.

    ==================== End scanning at ma 27 feb 2017 14:40 (0 Min 43 Sec ) ======

    GMER
    Could be skipped according to the opening post


    • #3
      Latest blocked malware/websites:
      Malwarebytes
      www.malwarebytes.com

      -Logboekdetails-
      Datum beveiligingsgebeurtenis: 27-02-17
      Tijd beveiligingsgebeurtenis: 14:44
      Logboekbestand:
      Beheerder: Ja

      -Software-informatie-
      Versie: 3.0.6.1469
      Versie componenten: 1.0.50
      Update pakketversie: 1.0.1371
      Licentie: Proef

      -Systeeminformatie-
      Besturingssysteem: Windows 10
      Processor: x64
      Bestandssysteem: NTFS
      Gebruiker: System

      -Details van geblokkeerde website-
      Kwaadaardige website: 1
      , , Geblokkeerd, [-1], [-1],0.0.0

      -Websitegegevens-
      Domein: xml.pdn-3.com
      IP-adres: 174.137.155.139
      Poort: [50240]
      Type: Uitgaand
      Bestand: C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe



      (end)

      ----------------
      Malwarebytes
      www.malwarebytes.com

      -Logboekdetails-
      Datum beveiligingsgebeurtenis: 27-02-17
      Tijd beveiligingsgebeurtenis: 14:44
      Logboekbestand:
      Beheerder: Ja

      -Software-informatie-
      Versie: 3.0.6.1469
      Versie componenten: 1.0.50
      Update pakketversie: 1.0.1371
      Licentie: Proef

      -Systeeminformatie-
      Besturingssysteem: Windows 10
      Processor: x64
      Bestandssysteem: NTFS
      Gebruiker: System

      -Details van geblokkeerde website-
      Kwaadaardige website: 1
      , , Geblokkeerd, [-1], [-1],0.0.0

      -Websitegegevens-
      Domein: xml.pdn-3.com
      IP-adres: 174.137.155.139
      Poort: [50239]
      Type: Uitgaand
      Bestand: C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe



      (end)

      ------------------
      Malwarebytes
      www.malwarebytes.com

      -Logboekdetails-
      Datum beveiligingsgebeurtenis: 27-02-17
      Tijd beveiligingsgebeurtenis: 14:44
      Logboekbestand:
      Beheerder: Ja

      -Software-informatie-
      Versie: 3.0.6.1469
      Versie componenten: 1.0.50
      Update pakketversie: 1.0.1371
      Licentie: Proef

      -Systeeminformatie-
      Besturingssysteem: Windows 10
      Processor: x64
      Bestandssysteem: NTFS
      Gebruiker: System

      -Details van geblokkeerde website-
      Kwaadaardige website: 1
      , , Geblokkeerd, [-1], [-1],0.0.0

      -Websitegegevens-
      Domein: xml.pdn-3.com
      IP-adres: 174.137.155.139
      Poort: [50229]
      Type: Uitgaand
      Bestand: C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe



      (end)
      ----------------------
      Malwarebytes
      www.malwarebytes.com

      -Logboekdetails-
      Datum beveiligingsgebeurtenis: 27-02-17
      Tijd beveiligingsgebeurtenis: 14:40
      Logboekbestand:
      Beheerder: Ja

      -Software-informatie-
      Versie: 3.0.6.1469
      Versie componenten: 1.0.50
      Update pakketversie: 1.0.1371
      Licentie: Proef

      -Systeeminformatie-
      Besturingssysteem: Windows 10
      Processor: x64
      Bestandssysteem: NTFS
      Gebruiker: System

      -Details van geblokkeerde website-
      Kwaadaardige website: 1
      , , Geblokkeerd, [-1], [-1],0.0.0

      -Websitegegevens-
      Domein: www.reimageplus.com
      IP-adres: 161.47.7.14
      Poort: [49865]
      Type: Uitgaand
      Bestand: C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe



      (end)


      • #4
        Perhaps getting ahead of things, but here are
        FRST.txt
        Addition.txt
        Last edited by attatae; 27-02-17, 14:08.


        • #5
          Download ResetBrowser to the desktop.
          • First close all open programs and browsers.
          • Then right-click ResetBrowser.exe and choose "Run as administrator".
          • When the "About ResetBrowser" window opens, click "OK".
          • The "ResetBrowser" window opens.
          • Click Reset Firefox.
          • Click Reset Chrome.
          • Click Reset Internet Explorer.

          Starting Windows 10 in Safe Mode


          • #6
            Run the Farbar Recovery Scan Tool again.
            • Download fixlist.txt from the attachment to the desktop, where FRST.exe is also located.
            • Double-click FRST.exe to start the tool.
            • When the program has opened, click Yes at the disclaimer.
            • Press the Fix button.
            • A log file (fixlog.txt) will be created in the same location from which the tool was started.
            • Attach this log file to your next post.
            Attached files



            • #7
              ResetBrowser run
              Farbar Recovery still busy

              After running ResetBrowser, Microsoft Edge has been set as my default browser. The websites still appear and are now opened in Edge.

              Farbar has been fixing for about half an hour now. Is that normal? A log has already been created, which I have attached.


              Edit 17:01
              To be safe, I changed the default browser to Firefox; the websites are now opened there, and it leaves Edge and Chrome alone.
              Attached files
              Last edited by attatae; 27-02-17, 16:01. Reason: Default browser


              • #8
                Would you run that fix again, please.



                • #9
                  It ran for a few hours yesterday without any progress, in normal mode and in safe mode, but all I see is:
                  "fixing in progress, one moment please ..." and then the green bar moving from left to right.

                  I have started it again now.


                  • #10
                    Whatever I do, Farbar does nothing at all. Not in normal mode, not in safe mode.

                    More and more websites are being loaded. I now saw in Task Manager that AdShow (installer.exe) is loaded when the websites appear. The file location is C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp, created at the moment I started having problems yesterday.

                    You had also put this in the fixlist:

                    HKU\S-1-5-21-3100785392-825444994-737681217-1000\...\Run: [e595d878-0679-4809-a3c8-449a4f14a8aa] => C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe [5120 2017-02-27] () <===== AANDACHT

                    Edit:
                    The opening of websites kept getting worse, so I ended all AdShow processes and deleted those temp files. Websites are no longer being loaded now.

                    Ran CCleaner and also removed the references in the registry to the files above. Now the processes are also no longer listed under Task Manager > Startup.

                    In Task Manager my processor load stays at 100%, due to system interrupts, Task Manager and others; it shifts between Windows services, but the load stays at 100%. In safe mode it is 0%-2%.

                    Safe mode: 28 processes, 480 threads, 9239 handles.
                    Normal mode: 98 processes, 1780 threads, 34000 handles.

                    I think something is still active somewhere on the PC
                    Last edited by attatae; 28-02-17, 10:37.
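
The startup entries that come up in this thread (the scheduled-task listing and the Run value quoted in post #10) can be triaged mechanically. The following is an added example, not part of the original thread or of any tool used in it: it parses those two line formats and flags targets in a temp directory and tasks that only name a launcher such as rundll32.exe or pcalua.exe. The launcher list and temp-path markers are assumptions, and a hit means "review this entry", not a verdict.

```python
import re

# Lines copied from the logs posted in this thread (task listing and FRST Run entry).
SAMPLE = r"""
C:\WINDOWS\system32\Tasks\54c4191F5022U901 16828 bytes [ 27-2-2017 14:06:35 ]
=> C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 3450 bytes [ 11-10-2016 20:41:19 ]
=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Tasks\{3095F5EE-7E1F-4383-AFB6-1E554AF6DF29} 3300 bytes [ 22-2-2017 12:25:36 ]
=> C:\WINDOWS\system32\pcalua.exe
HKU\S-1-5-21-3100785392-825444994-737681217-1000\...\Run: [e595d878-0679-4809-a3c8-449a4f14a8aa] => C:\Users\Dennis\AppData\Local\Temp\is-BCO1J.tmp\installer.exe [5120 2017-02-27] () <===== AANDACHT
"""

TASK_RE = re.compile(r"^[A-Za-z]:\\.*\\Tasks\\(?P<name>.+?) \d+ bytes \[")
TARGET_RE = re.compile(r"^=> (?P<target>.+)$")
RUN_RE = re.compile(r"^HK\w+\\.*?\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<target>.+?\.exe)\b", re.I)

# Assumed review heuristics, not taken from any tool used in the thread.
PROXY_LAUNCHERS = {"rundll32.exe", "pcalua.exe"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

def parse_entries(text):
    """Return (kind, name, target) for every Run value and scheduled task found."""
    entries, pending_task = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            entries.append(("run", m["name"], m["target"]))
        elif m := TASK_RE.match(line):
            pending_task = m["name"]          # target follows on the "=>" line
        elif (m := TARGET_RE.match(line)) and pending_task:
            entries.append(("task", pending_task, m["target"].strip()))
            pending_task = None
    return entries

def reasons(target):
    """Explain why an autostart target deserves a manual look (empty list = no hit)."""
    lowered = target.lower()
    found = []
    if any(marker in lowered for marker in TEMP_MARKERS):
        found.append("target in temp directory")
    if lowered.rsplit("\\", 1)[-1] in PROXY_LAUNCHERS:
        found.append("launcher only, actual payload is named in the task arguments")
    return found

def triage(text):
    """Keep only the entries with at least one reason attached."""
    return [(k, n, t, why) for k, n, t in parse_entries(text) if (why := reasons(t))]
```

Entries flagged as launcher-only need the task's XML definition opened to see which DLL or program is actually started; the listing format above does not include the arguments.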


                    • #11
                      Good morning,

                      Could you try this, please:

                      Download the 32- or 64-bit version of HitmanPro to the desktop.
                      Click here for a detailed HitmanPro guide.
                      • Hold down the left CTRL key and double-click "HitmanPro36.exe" to start "Force Breach", and click "Next" once HitmanPro has blocked the processes.
                      • Tick the option "I accept the terms of the license agreement" and click "Next".
                      • In the setup screen, click "Next" again; the scan will now start automatically. Do nothing else on the computer until the scan has finished.
                      • When the scan is done, click "Next".
                      • Now activate the free license; this lets you use HitmanPro free of charge for 30 days and remove the infections found.
                      • Note: if you have previously used the 30-day trial version of HitmanPro, it is no longer possible to remove the infections found free of charge.
                      • When removal is finished, click "Save log" or "Logbestand opslaan" at the bottom of the window and save it, for example to the desktop.
                        Post this log.
                      • Now click the "Restart" button.



                      • #12
                        HitmanPro run. On the forced start, 44 processes were blocked. The 100% load remained.


                        Log attached.
                        Attached files


                        • #13
                          OK, let's try something else.

                          Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
                          • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
                          • Now click "Emergency Kit Scanner"; you will get a message that updating first is recommended. Allow this by clicking "Yes".
                          • When the update is finished and the message "Update process completed successfully" appears, click "menu" and then "Scan PC".
                          • Select the "Deep" option if it is not already set by default.
                          • Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take a considerable time, so wait patiently.
                          • You can close the window with the warning about an increased risk once the scan is finished.
                          • Make sure all items found are ticked and then press the "Remove selected" button; you will now get the following message, but click "Yes" here.
                          • When removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
                          • Paste the contents of this log file in your next post.
                          • Now restart the computer.



                          • #14
                            Ran Emsisoft in normal mode.

                            The download link does not work; I downloaded it from http://dl.emsisoft.com/EmsisoftEmergencyKit.exe.
                            Deep scan no longer exists; I have now had everything on all drives scanned.

                            C:\Users\Dennis\AppData\Local\Temp\Rar$EX26.560\Office_2013_Toolkit_And_EZ_activator_Full_Final.exe Ontdekt: Gen:Variant.Jaik.14962 (B) [krnl.xmd]
                            This was the file I had downloaded and that caused the problems.

                            Log attached. Load still 100%
                            Attached files
                            Last edited by attatae; 28-02-17, 12:27.


                            • #15
                              That is strange.

                              I would like you to try another tool.

                              Download ComboFix from one of these locations:

                              Link 1
                              Link 2


                              * IMPORTANT !!! Save ComboFix.exe to your Desktop.

                              >>Here<< you can read how to use ComboFix.

                              1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

                              * (here or here

                              2. It may happen that the computer has to be restarted several times; this is normal.
                              3. Double-click "Combofix.exe" to start the tool.
                              4. Do not click in the ComboFix window while it is active; this can cause the tool to hang.

                              * Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

                              5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.
